Thanks David.
Generally for operating systems like Amazon Linux etc. which do not have an
IPA-Client, we generally use SSSD to get things working.

In such cases, what would be the optimal way to configure the SRV records, as
the --domain parameter won't be present?

On Mon, Jan 25, 2016 at 5:16 PM, David Kupka <dku...@redhat.com> wrote:
> On 25/01/16 12:08, Zeal Vora wrote:
>
>> Thanks Petr.
>>
>> So if the domain is example.com, in DNS, what would be the IP associated
>> with it ?
>>
>> As there are 2 master servers, each of them will have different IP
>> address.
>>
>> On Mon, Jan 25, 2016 at 4:34 PM, Petr Spacek <pspa...@redhat.com> wrote:
>>
>>> On 25.1.2016 10:47, Zeal Vora wrote:
>>>
>>>> Hi
>>>>
>>>> I have setup a multi-master IPA and it seems to be working fine.
>>>>
>>>> The clients ( laptops and servers ) are not using the DNS of IPA.
>>>>
>>>> I was wondering, while configuring ipa-client, which server do I
>>>> reference to when it asks the ipa-server hostname ?
>>>>
>>>> Both the master servers have different hostnames.
>>>>
>>>> master1.example.com ( Master 1 )
>>>> master2.example.com ( Master 2 )
>>>>
>>>
>>> Specify only the --domain option and do not use the --server option at all.
>>> It will enable server auto-detection using DNS SRV records and you will not
>>> need to worry about adding/removing servers because all clients will
>>> automatically pick the new list up.
>>>
>>> --
>>> Petr^2 Spacek
>>>
> The '--domain' parameter is for the client installer to form a DNS request.
> The request that is sent is the same as the one sent by this command:
> dig -t SRV _ldap._tcp.<domain>
>
> It then receives a list of records similar to this one:
> 100 0 389 <master1-fqdn>
> 100 0 389 <master2-fqdn>
>
> The installer then goes through the list and checks if it's really a FreeIPA
> server, and the first one that passes is used. When an IP address is needed,
> it can be resolved from the name included in the SRV response.
>
> HTH,
> --
> David Kupka
>
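
The SRV lookup described in the thread, as an added example that is not part of the original messages and is not FreeIPA's or SSSD's own code: it parses an answer for `_ldap._tcp.<domain>` and puts the targets in the order a client following RFC 2782 would try them. It assumes each line reads "priority weight port target", as `dig +short` prints it; the sample answer and the `backup.example.com` host are constructed.

```python
import random
from typing import NamedTuple

class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

# Constructed sample answer for _ldap._tcp.example.com (placeholder hosts).
SAMPLE_ANSWER = """\
0 100 389 master1.example.com.
0 100 389 master2.example.com.
10 100 389 backup.example.com.
"""

def parse_srv(text):
    """Parse 'priority weight port target' lines, skipping anything malformed."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            prio, weight, port = (int(f) for f in fields[:3])
        except ValueError:
            continue  # e.g. dig comment lines
        records.append(SrvRecord(prio, weight, port, fields[3].rstrip(".").lower()))
    return records

def order_candidates(records, rng=None):
    """RFC 2782 order: lowest priority first, weighted random within a priority."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            pick = rng.uniform(0, sum(r.weight for r in group))
            running = 0
            for rec in group:
                running += rec.weight
                if pick <= running:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered

if __name__ == "__main__":
    for rec in order_candidates(parse_srv(SAMPLE_ANSWER)):
        print(f"try {rec.target}:{rec.port}")
```

The ordered list is only a set of candidates: as David's message says, each one still has to be checked as a real FreeIPA server before it is used.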